GHSA-3hcm-6fjc-47qq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3hcm-6fjc-47qq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3hcm-6fjc-47qq/GHSA-3hcm-6fjc-47qq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3hcm-6fjc-47qq
- Aliases
-
- CVE-2019-0976
- Published
- 2022-05-24T22:28:08Z
- Modified
- 2024-03-24T20:41:49.187251Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- NuGet Package Manager Tampering Vulnerability
- Details
-
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default
obj), aka 'NuGet Package Manager Tampering Vulnerability'. - Database specific
{ "nvd_published_at": "2019-05-16T19:29:00Z", "cwe_ids": [ "CWE-732" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-03-24T20:28:51Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-0976
- https://github.com/NuGet/Home/issues/7908
- https://github.com/NuGet/NuGet.Client/commit/e32a2ea7096debd3e513188f6779bb1041593326
- https://github.com/NuGet/NuGet.Client
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976
- https://web.archive.org/web/20200227075944/http://www.securityfocus.com/bid/108210
Affected packages
NuGet / NuGet.Commands
Package
- Name
- NuGet.Commands
- View open source insights on deps.dev
- Purl
- pkg:nuget/NuGet.Commands